Cybersecurity Leadership

To assist clients of all shapes and sizes, we need to be familiar with several different methods for evaluating, assessing and remediating cyber risk. That is why the methodologies described below are so important to leverage.


Cybersecurity Risk Management Methodology

A pragmatic, data-driven approach to framework mapping and cross-functional compliance.

Mapping Frameworks to Best Practices

Global frameworks overlap significantly, and Tekrisq believes it is vital to map those overlapping areas pragmatically to cybersecurity best practices. Every assessment we perform captures high-fidelity data that is referenced across multiple standards. This eliminates redundant data entry while providing specific, actionable insights for your unique regulatory and business requirements.

Audit Readiness

SOC 2 & ISO 27001

Our methodology focuses on the Trust Services Criteria and ISMS management. We capture the evidence needed to prove the effectiveness of your controls, drastically reducing the time required to achieve and maintain audit readiness.

Privacy & Global Data

EU-U.S. DPF, GDPR & CCPA

We manage data privacy risk by tracking data flow and residency. Whether you are navigating the EU-U.S. Data Privacy Framework, European GDPR, or California's CCPA, our methodology ensures your privacy posture is defensible.

Military Contractor Readiness

CMMC Framework

Our CMMC readiness assessments, essential for military contractors, map directly to the required practice levels. We ensure that your data security safeguards align with Department of Defense requirements for protecting Controlled Unclassified Information (CUI).

Insurance & State Regulatory

NAIC, NYDFS & HIPAA

Impact on SMBs: Small businesses face heavy pressure from the NAIC Data Security Model Law and NYDFS. We simplify these complex requirements into manageable tasks that ensure compliance without stalling business operations.

Specialized Expertise

TPRA (Third Party Risk)

tekrisq has achieved deep expertise and certification within the Third Party Risk Association (TPRA) framework. We apply these standards to evaluate the risks inherent in your vendor ecosystem and supply chain.

Government & Critical Systems

NIST 800-53 & CSA

NIST 800-53 is relied on only for the specific clients that interact with federal agencies; our methodology also incorporates Cloud Security Alliance (CSA) standards for cloud-native infrastructure.

NIST Cybersecurity Framework (CSF)

Foundational for Critical Infrastructure and SMB Best Practices

The five CSF functions: Identify, Protect, Detect, Respond, Recover.

Identify Function

Focuses on understanding business context, resources that support critical functions, and the related cybersecurity risks.

Practical Example: Mapping digital assets and identifying which specific data sets fall under PCI DSS or HIPAA jurisdiction.

Protect Function

Outlines safeguards to ensure delivery of critical services, regardless of framework.

Practical Example: Implementing multi-factor authentication (MFA) as a core control required by SOC 2, CMMC, and NYDFS alike.

Detect Function

Defines the activities necessary to identify the occurrence of a cybersecurity event.

Practical Example: Setting up logging and monitoring systems that meet the audit requirements for ISO 27001 and NIST 800-53.

Respond Function

Ensures that the organization has the ability to take action once a detection occurs.

Practical Example: Incident Response planning that satisfies the 72-hour notification windows often required by GDPR and NAIC model laws.

Recover Function

Covers the activities needed to restore any capabilities or services that were impaired by a cybersecurity incident.

Practical Example: Verifying backup integrity and business continuity plans for critical infrastructure providers.

tekrisq, inc. | secure your cyber ecosystem

Methodologies used: NIST CSF, NIST 800-53, ISO 27001, SOC 2, CMMC, TPRA, CSA, PCI DSS, GDPR, CCPA, EU-U.S. DPF, HIPAA, NYDFS, & NAIC.